github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-23 09:31:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

moved hard-coded configuration to properties file and added some additional debugging

Browse Source
This commit is contained in:
Jeremy Long
2016-10-28 08:44:43 -04:00
parent 773ac019f8
commit a12bc44ecd
7 changed files with 27 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
dependency-check-core/src/main/resources/dependencycheck.properties
View File

@@ -80,6 +80,7 @@ archive.scan.depth=3
# use HEAD (default) or GET as HTTP request method for query timestamp # use HEAD (default) or GET as HTTP request method for query timestamp
downloader.quick.query.timestamp=true downloader.quick.query.timestamp=true
downloader.tls.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
analyzer.experimental.enabled=false analyzer.experimental.enabled=false
analyzer.jar.enabled=true analyzer.jar.enabled=true

1
dependency-check-core/src/test/resources/dependencycheck.properties
View File

@@ -75,6 +75,7 @@ archive.scan.depth=3
# use HEAD (default) or GET as HTTP request method for query timestamp # use HEAD (default) or GET as HTTP request method for query timestamp
downloader.quick.query.timestamp=true downloader.quick.query.timestamp=true
downloader.tls.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
analyzer.experimental.enabled=true analyzer.experimental.enabled=true
analyzer.jar.enabled=true analyzer.jar.enabled=true

7
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Downloader.java
View File

@@ -151,6 +151,13 @@ public final class Downloader {
} finally { } finally {
conn = null; conn = null;
} }
if ("Connection reset".equalsIgnoreCase(ex.getMessage())) {
final String msg = format("TLS Connection Reset%nThis is a known issue for somme JRE/JDK; please see " +
"https://github.com/jeremylong/DependencyCheck/issues/561%nUntil this issue is resolved please " +
"consider trying a different JRE/JDK.", url.toString());
LOGGER.error(msg);
throw new DownloadFailedException(msg, ex);
}
final String msg = format("Error downloading file %s; unable to connect.", url.toString()); final String msg = format("Error downloading file %s; unable to connect.", url.toString());
throw new DownloadFailedException(msg, ex); throw new DownloadFailedException(msg, ex);
} }

15
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/SSLSocketFactoryEx.java
View File

@@ -243,17 +243,24 @@ public class SSLSocketFactoryEx extends SSLSocketFactory {
* @return the protocol list * @return the protocol list
*/ */
protected String[] getProtocolList() { protected String[] getProtocolList() {
final String[] preferredProtocols = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"};
String[] availableProtocols = null;
SSLSocket socket = null; SSLSocket socket = null;
String[] availableProtocols = null;
final String[] preferredProtocols = Settings.getString(
Settings.KEYS.DOWNLOADER_TLS_PROTOCOL_LIST,
"TLSv1,TLSv1.1,TLSv1.2,TLSv1.3")
.split(",");
try { try {
final SSLSocketFactory factory = sslCtxt.getSocketFactory(); final SSLSocketFactory factory = sslCtxt.getSocketFactory();
socket = (SSLSocket) factory.createSocket(); socket = (SSLSocket) factory.createSocket();
availableProtocols = socket.getSupportedProtocols(); availableProtocols = socket.getSupportedProtocols();
Arrays.sort(availableProtocols); Arrays.sort(availableProtocols);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Available Protocols:");
for (String p : availableProtocols) {
LOGGER.debug(p);
}
}
} catch (Exception ex) { } catch (Exception ex) {
LOGGER.debug("Error getting protocol list, using TLSv1", ex); LOGGER.debug("Error getting protocol list, using TLSv1", ex);
return new String[]{"TLSv1"}; return new String[]{"TLSv1"};

4
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java
View File

@@ -339,6 +339,10 @@ public final class Settings {
* The HTTP request method for query last modified date. * The HTTP request method for query last modified date.
*/ */
public static final String DOWNLOADER_QUICK_QUERY_TIMESTAMP = "downloader.quick.query.timestamp"; public static final String DOWNLOADER_QUICK_QUERY_TIMESTAMP = "downloader.quick.query.timestamp";
/**
* The HTTP protocol list to use.
*/
public static final String DOWNLOADER_TLS_PROTOCOL_LIST = "downloader.tls.protocols";
} }
//</editor-fold> //</editor-fold>

2
dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java
View File

@@ -198,7 +198,7 @@ public final class URLConnectionFactory {
} catch (NoSuchAlgorithmException ex) { } catch (NoSuchAlgorithmException ex) {
LOGGER.debug("Unsupported algorithm in SSLSocketFactoryEx", ex); LOGGER.debug("Unsupported algorithm in SSLSocketFactoryEx", ex);
} catch (KeyManagementException ex) { } catch (KeyManagementException ex) {
LOGGER.debug("Key mnagement eception in SSLSocketFactoryEx", ex); LOGGER.debug("Key management exception in SSLSocketFactoryEx", ex);
} }
} }
} }

3
dependency-check-utils/src/test/resources/dependencycheck.properties
View File

@@ -66,4 +66,5 @@ analyzer.nexus.url=https://repository.sonatype.org/service/local/
analyzer.nexus.proxy=true analyzer.nexus.proxy=true
# use HEAD (default) or GET as HTTP request method for query timestamp # use HEAD (default) or GET as HTTP request method for query timestamp
downloader.quick.query.timestamp=true downloader.quick.query.timestamp=true
downloader.tls.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3